While Microsoft has been attacked for its insane upgrading policy and tendency to collect a little too much personal data, Black Hat hackers say it is a tougher nut to crack.

Hackers at this year’s Black Hat conference admitted that developing a successful technique is now much harder with Windows 10.

According to PC World, one of the problems is that Vole has developed an Antimalware Scan Interface (AMSI) that can catch malicious scripts in memory.

It quoted Nikhil Mittal, penetration tester and associate consultant with NoSoSecure, as saying that any application can call it, and any registered antimalware engine can process the content submitted to AMSI. Windows Defender and AVG currently use AMSI, and it should become more widely adopted as it effectively blocks script-based attacks.

AMSI needs to work with other security methods and Windows administrators need to regularly monitor their PowerShell logs.

It can’t detect obfuscated scripts or scripts loaded from unusual places such as the WMI namespace, registry keys and event logs, and there are ways to bypass it by changing the signature of scripts, using PowerShell version 2, or disabling AMSI.

Another hacker headache is Microsoft’s virtualisation-based security (VBS), a set of security features baked into the hypervisor, in Windows 10.

Rafal Wojtczuk, chief security architect at Bromium said that despite its limited scope, VBS is useful -- it prevents certain attacks that are straightforward without it.

“The security posture of VBS looks good, and it improves the security of a system -- certainly it requires additional highly nontrivial effort to find suitable vulnerability allowing the bypass,” Wojtczuk said.

It is a pity, really: Vole did rather well with Windows 10, and it blotted the whole thing by forcing it onto people and broadcasting so many personal details back to Microsoft.

A group of Nigerian scammers might have accidentally infected themselves with the same malware they want their victims to download.

The Nigerian scammer ring operates a new kind of attack called “wire-wire” which was so nasty that a few of its members accidentally infected themselves and managed to show all their operations to a security company.

SecureWorks researchers James Bettke and Joe Stewart told the annual Black Hat security conference in Las Vegas that they had managed to get the inside leg measurement of the hacker team.

The group use a technique known as "Business Email Compromise", or BEC, in which they use internal corporate email accounts to execute fraudulent financial transactions. Or, in another approach, scammers spoof a CEO’s email from an external account to persuade an employee to send a wire transfer to the scammers’ own bank account.

Wire-wire was a new spin on the attack and is harder to detect. Bettke and Stewart discovered the ring in February when five of the scammers self-infected their own computers with the same malware they were using to steal from others.

For months, the malware automatically uploaded screenshots and keystrokes from compromised computers to an open web database. One of the infected scammers also frequently trained new scammers, which revealed even more details about their techniques. The SecureWorks team initially found the database by using the virus scanning tool VirusTotal to search for suspicious email attachments.

The wire-wire scammers begin by using a simple marketing tool to scrape the email addresses of businesses and employees from corporate websites. They hit these addresses with messages containing keylogger software or other malware in a process called “bombing”. Employees who click on a malicious link or open an infected attachment might be prompted to log in, providing scammers with the password to their email accounts.

Once they’re in, they look for potential financial transactions. As soon as they see that the employee is sending an invoice to a customer, they reroute it through their own email account and physically alter the account number and routing number before forwarding it on to the customer.

The email address they use is often very similar to the original email address, so it’s easy to miss.
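A defensive check for the invoice-rerouting step described above, added here as an example and not part of the original article or of SecureWorks' research: it holds an invoice email for review when the sender or Reply-To domain is a lookalike of the known vendor domain, when replies are routed to a different domain than the visible sender, or when the bank details in the body differ from the vendor master record. The vendor domain, the bank numbers and the sample message are all constructed.

```python
import re
from email.utils import parseaddr

# Constructed vendor master record (hypothetical supplier; values made up).
VENDOR_RECORD = {"domain": "acme-supplies.example",
                 "routing": "021000021", "account": "123456789"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(header: str) -> str:
    """Domain part of an address header, lower-cased for comparison."""
    return parseaddr(header)[1].rpartition("@")[2].lower()

def check_invoice_email(headers: dict, body: str, vendor=VENDOR_RECORD) -> list:
    """Reasons this invoice email should be held for manual review (empty = clean)."""
    flags = []
    from_dom = sender_domain(headers.get("From", ""))
    reply_dom = sender_domain(headers.get("Reply-To", headers.get("From", "")))
    # 1. Lookalike domain: a character or two away from the real vendor domain.
    for name, dom in (("From", from_dom), ("Reply-To", reply_dom)):
        if 0 < edit_distance(dom, vendor["domain"]) <= 2:
            flags.append(f"{name} domain {dom!r} looks like {vendor['domain']!r}")
    # 2. Replies quietly routed to a mailbox other than the visible sender.
    if reply_dom != from_dom:
        flags.append(f"Reply-To domain {reply_dom!r} differs from From {from_dom!r}")
    # 3. Bank details in the body differ from the vendor master record.
    routing = re.search(r"routing(?: number)?[:\s]+(\d{9})", body, re.I)
    account = re.search(r"account(?: number)?[:\s]+(\d{6,17})", body, re.I)
    if routing and routing.group(1) != vendor["routing"]:
        flags.append("routing number differs from vendor record")
    if account and account.group(1) != vendor["account"]:
        flags.append("account number differs from vendor record")
    return flags

# Constructed sample: a forwarded invoice after a wire-wire edit (the Reply-To
# domain swaps the 'l' in 'supplies' for a capital 'I'; the account is changed).
SAMPLE_HEADERS = {"From": "Accounts <billing@acme-supplies.example>",
                  "Reply-To": "Accounts <billing@acme-suppIies.example>"}
SAMPLE_BODY = "Please remit to Routing Number: 021000021 Account Number: 987654321"
```

Run against the constructed sample the check returns three reasons (lookalike Reply-To domain, Reply-To differing from From, changed account number); a message from the genuine domain with the recorded bank details returns none.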

Since February, the SecureWorks team has witnessed the thieves deploy this method to reroute transactions averaging between US $30,000 and $60,000 from mostly small and medium-sized businesses making international deals. In one case, the attackers rerouted a $400,000 payment from a U.S. chemical company to its Indian supplier.

The scammers appear to be "family men" in their late 20s to 40s who are well-respected, church-going figures in their communities. “They're increasing the economic potential of the region they're living in by doing this, and I think they feel it is their patriotic duty to do this,” the researchers said.

The SecureWorks team has notified Nigeria’s Economic and Financial Crimes Commission, and its description of wire-wire scamming has led to at least one active investigation. They say the easiest way for business owners to prevent such attacks is to require two-step verification for employee logins.

There was a sharp intake of breath over the weekend when it was revealed that the Saudi Arabian government came close to buying control of the notorious Italian surveillance software company Hacking Team for $42 million – apparently with the assistance of the US.

For those who came in late, Hacking Team is notorious for selling its product to undemocratic regimes, and Saudi Arabia was one of the unofficial sponsors of the Islamic State death cult.

The Saudis found themselves a bit short when it came to cyber warfare and did whatever rich people do when they are short of skills: they wrote a big cheque.

According to Il Fatto Quotidiano, the negotiations were handled by Wafic Said, a Syrian-born businessman based in the UK who is a close friend of the Saudi royal family, and also involved Ronald Spogli, a former US ambassador to Italy, who had an indirect investment in Hacking Team.

Fortunately the deal collapsed in early 2014 after Prince Bandar bin Sultan lost his job as head of the Saudi intelligence service. The former Saudi ambassador to Washington had backed the purchase, but it was not supported by his successor.

Saudi Arabia, which is the head of the UN's human rights committee, is about to behead and crucify a bloke who participated in anti-government protests inspired by the Arab Spring. Ali al-Nimr has been sentenced to be beheaded and then crucified for crimes he allegedly committed at the age of 17.

However a Hacking Team spokesman pointed out that countries such as Saudi Arabia were allies of the West and it was important that they should receive instruments that enabled them to combat crime and terrorism.

Hacking Team is not allowed to sell its technology to Saudi Arabia, so it is a little ironic that the whole company could be bought.

As well as being used to track Sunni fundamentalist terrorists, Hacking Team's technology was very likely deployed against Saudi Arabia's internal Shia opposition to the regime.

South Korea has found that a low-risk computer "worm" had been removed from devices connected to some nuclear plant control systems.

An investigation found no harmful virus in the reactor controls threatened by a hacker. Apparently the reactor was getting spam from Dr Omgo from Nigeria, who wanted to use its bank account to transfer a million dollars out of the country.

Korea Hydro & Nuclear Power said it would beef up cyber security by hiring more IT security experts and forming an oversight committee, as it came in for fresh criticism from lawmakers following recent hacks against its headquarters.

The nuclear operator, part of state-run utility Korea Electric Power, said earlier this month that non-critical data had been stolen from its systems, while a hacker threatened in Twitter messages to close three reactors.

Energy Minister Yoon Sang-jick told a parliamentary session that evidence of the presence and removal of a "worm" - which the ministry said was probably inadvertently introduced by workers using unauthorized USB devices - was unrelated to the recent hacking incidents.

Concerns about nuclear safety in South Korea, which relies on nuclear reactors for a third of its power and is the world's fifth-largest nuclear power user, have mounted since the 2011 Fukushima disaster in Japan and a domestic scandal in 2012 over the supply of reactor parts with fake security certificates.

A state-inspired hacking campaign against military targets in Israel and Europe misused security-testing software to cover its tracks and enhance its capability.

Israel's independent Computer Emergency Response Team, or CERT, said that the attack program relied on software usually sold by Boston-based Core Security to companies and other customers that want to test their own defences.

While criminal hackers have used penetration-testing tools such as Metasploit for years, most major government-sponsored hacks have specially written tools supplemented by free and widely available programs. This is because commercial programs could be traced back to specific customers.

The Core Security program, which typically costs $10,000 or $20,000, could help muddy the waters, and CrowdStrike analyst Tillmann Werner said it could also help a second-tier cyber-power skip some of the work frequently undertaken by China, Russia and the United States.

Werner and Cymmetria Chief Executive Gadi Evron, who also chairs the Israeli CERT, said they did not know who was behind the campaign but the smart money is on Iran.

The researchers dubbed the new campaign Rocket Kitten, following CrowdStrike's convention for naming all suspected Iranian hacking groups as Kittens.

Iran improved its Internet operations in the years since its nuclear program was attacked by Stuxnet, an unusually destructive virus developed by the United States and Israel.

Evron said the team had uncovered seven connected attacks so far since April, including attempts to steal information from an Israeli company "adjacent to the defence and aerospace industry."

The Israeli attempts went nowhere.

The attacks typically began with carefully targeted emails with a poisoned Excel spreadsheet attachment sent to top executives.

Hackers managed to access production networks at a German steel maker, allowing them to tamper with the controls of a blast furnace. According to a German government report, published by the Federal Office for Information Security (BSI), it was a rare case where a digital attack actually caused physical damage.

The attack used spear phishing and sophisticated social engineering techniques to gain access to the factory’s office networks, from which access to the production networks was gained. Spear phishing involves the use of targeted email that appears to come from within an organisation. After the system was compromised, individual components or even entire systems started to fail frequently.

One of the plant’s blast furnaces could not be shut down in a controlled manner, which resulted in “massive damage to plant,” the BSI said, describing the technical skills of the attacker as “very advanced.”

US energy companies suffered 79 serious hacking attacks in the last year that were investigated by the Computer Emergency Readiness Team, a division of the Department of Homeland Security.

This is better than the 145 incidents the previous year, but still a little worrying. While the hackers never managed to switch the lights off, the energy companies’ outermost defences are not holding up. Between April 2013 and 2014, hackers managed to break into 37 per cent of energy companies, according to a survey by ThreatTrack Security.

Cybersecurity firm FireEye (FEYE) identified nearly 50 types of malware that specifically target energy companies in 2013, according to its annual report. Energy firms get hit with more spy malware than other industries.

In March, TrustedSec discovered spy malware in the software that a major US energy provider uses to operate dozens of turbines, controllers and other industrial machinery. It had been there for a year.

Russian malware called BlackEnergy had found its way onto the software that controls electrical turbines in the United States.

Russian hackers have been using a harvest of passwords which were nicked during a huge raid earlier this year to break into Namecheap.com accounts.

CyberVors based in south central Russia quietly stole 4.5 billion username and password combinations. These hackers collected this data over many months, gaining access to these user credentials through vulnerable/poorly secured databases and backdoors/malware installed on insecure computers around the world.

Now, according to Namecheap, its intrusion detection systems alerted it to a much higher than normal load against its login systems.

Upon investigation, it determined that username and password data gathered from third-party sites, likely the hacker data, was being used to access Namecheap.com accounts.

The group behind this is using the stored usernames and passwords to simulate a web browser login through fake browser software. This software simulates the actual login process a user would use if they are using Firefox/Safari/Chrome to access their Namecheap account. The hackers are going through their username/password list and trying each and every one to try and get into Namecheap user accounts.

So far the majority of these login attempts have been unsuccessful, as the data is incorrect or old and passwords have been changed. However, the company said it was blocking the IP addresses that appear to be logging in with the stolen password data.
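An added example, not Namecheap's own detection logic, of the kind of rule an intrusion detection system can apply to a login log to pick out the list replay described above: one source address trying many distinct accounts inside a short window is flagged and goes onto a block list, while a user repeatedly mistyping their own password is left alone. The log format, timestamps and addresses are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed login audit log (not Namecheap's real format):
# ISO timestamp, source IP, username attempted, result.
SAMPLE_LOG = """\
2014-09-01T10:00:01 203.0.113.5 alice FAIL
2014-09-01T10:00:02 203.0.113.5 bob FAIL
2014-09-01T10:00:02 203.0.113.5 carol FAIL
2014-09-01T10:00:03 203.0.113.5 dave FAIL
2014-09-01T10:00:04 203.0.113.5 erin OK
2014-09-01T10:00:05 203.0.113.5 frank FAIL
2014-09-01T10:00:09 198.51.100.7 alice FAIL
2014-09-01T10:00:20 198.51.100.7 alice FAIL
2014-09-01T10:00:31 198.51.100.7 alice OK
2014-09-01T10:07:00 203.0.113.5 grace FAIL
"""

def parse_log(text: str) -> list:
    """Parse lines into (timestamp, ip, user, success) tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events

def find_stuffing_sources(events, window=timedelta(minutes=5), min_users=5) -> dict:
    """Map each IP that attempted >= min_users distinct accounts inside any
    sliding window of length `window` to the set of accounts it tried.
    Successes count too: a replayed list scores occasional hits, and a real
    user who mistypes a password hits one account, not many."""
    by_ip = defaultdict(list)
    for ts, ip, user, _ok in sorted(events):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, attempts in by_ip.items():
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            users = {u for _, u in attempts[start:end + 1]}
            if len(users) >= min_users and len(users) > len(flagged.get(ip, ())):
                flagged[ip] = users
    return flagged

def block_list(events, **kw) -> list:
    """Source IPs to feed into a blocking rule, as Namecheap said it was doing."""
    return sorted(find_stuffing_sources(events, **kw))
```

On the constructed log only 203.0.113.5 is flagged (six accounts in four seconds); 198.51.100.7 retrying a single account is not, and the attempt on "grace" seven minutes later falls outside the window.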

“We are also logging these IP addresses and will be exporting blocking rules across our network to completely eliminate access to any Namecheap system or service, as well as making this data available to law enforcement,” the company said.

Sony had a miserable weekend. Not only did its game division have its servers targeted by online attackers, but the president of Sony's online entertainment division, along with a full aircraft load of people, was grounded too.

Sony PlayStation Network servers in North America went down early this morning due to a DDoS attack, and John Smedley, the president of Sony Online Entertainment, had his American Airlines flight to San Diego grounded in Phoenix after a troll group called Lizard Squad tweeted at the airline that there might be explosives on board.

Lizard Squad claimed credit for the DDoS attack too, but another hacker called Famed God also claimed credit, and he provided proof.

American Airlines has yet to acknowledge Lizard Squad's threat as the reason for the diversion, citing only "a security related issue." However, the FBI is investigating.

Famed God has made it a hobby to take down Sony claiming it has not learnt anything since 2011 when the outfit was badly hacked. Famed God's motivation for the attack, taken from their YouTube video, was about protecting the users from future security breaches.

Lizard Squad tweeting a fake bomb threat at a plane is surely yet another ploy for fame, but what is strange is how they knew that Smedley was on the flight.